
Digital Trust Digest: This Week’s Must-Know News


The Digital Trust Digest is a curated overview of the week’s top cybersecurity news. Here’s what you need to know this week.


Gartner predicts Web3 will drive adoption of decentralized identity

Any major innovation in networking or computing ushers in a new ecosystem of IAM technologies and practices — and these ecosystems often clash. According to Gartner, Web3 and its decentralized approach to identity could enhance the efficiency, privacy, and security of our systems.

At the Gartner Identity & Access Management Summit, a Gartner VP Analyst posited that in Web3, identity wallets will take the place of internet browsers as a point of entry into the web. The challenges are two-fold — achieving a standardized universal wallet and creating interoperability between Web2 and Web3 protocols. 

To see how decentralized identity may be the future, SDxCentral has the rundown.


Twitter source code leaked on GitHub

According to a Digital Millennium Copyright Act Takedown request filed on Saturday, a portion of Twitter’s proprietary source code has been publicly available on GitHub since January 3 — almost three entire months.

While it’s unclear whether the leak poses risks for Twitter users, the breach indicates continued volatility within the company. However, Twitter is hardly the only big name to suffer a source code leak in recent memory. Samsung, Uber, and others fell victim to compromised source code last year. 

While many instances involve malicious actors, others happen simply due to the complexity of working with git, CI/CD, and a sprawling number of repositories. DarkReading gives you the complete ins and outs of source code incidents, so you can protect yours.


In light of the Matter Standard, Wemo rethinks smart home strategy

Wemo, Belkin’s smart home company, has paused the development of Matter-supported smart home devices. While Wemo has designed and updated a few products to use Thread, the primary wireless protocol beneath the Matter standard, these products will only work with Apple HomeKit. This skirts the Matter standard’s promise of universal smart home platform compatibility.

Belkin/Wemo typically design products to accommodate Apple’s more rigid security specifications, but this raises their price point compared to less-secure bargain bin IoT devices. This may indicate how difficult it is to position security as a product differentiator. 

While other big names like Samsung, Google, and Amazon are forging partnerships for special onboardings between their ecosystems, Apple hasn’t been so eager to play. It just goes to show how difficult a universal standard is to implement. For all of the IoT drama, Verge has the scoop.

 

 


Forrester weighs in on White House’s National Cybersecurity Strategy

Earlier this month, the White House announced the Biden administration’s National Cybersecurity Strategy. The strategy identifies five key pillars that enable a cyber-secure future, including the modernization of critical infrastructure, taking the offensive against threat actors, and forging international partnerships, among others. 

For the Forbes Tech Council, Forrester broke down each pillar and the strategic objectives within them to parse actionable insights about what these initiatives will mean for enterprises and how security leaders can consider the strategy against their own goals. 


Google intends to reduce TLS certificate lifecycle by more than 75%

In its “Moving Forward, Together” roadmap, Google announced its intention to reduce the lifecycle for public TLS certificates from 398 days to 90 days. For many organizations, the process of managing and renewing certificates is tedious and time-consuming already. Increasing the certificate maintenance burden by 4x would spell disaster.

Google could make this change as a policy update or as a CA/Browser Forum Ballot Proposal, but it doesn’t need to. Google needs no approval to update Chrome’s root program, and Chrome holds so much market share that every commercial public certificate authority would practically have to accommodate it. 

Google didn’t specify a timeline for this change, but DarkReading guesstimates the end of 2024. As the full piece indicates, there’s plenty of time to adapt but not a second to waste.